Sheri,
Excellent points! I have worked at companies where employees would "prank" employees who left their computer unlocked to make the point. Not a good way to learn a lesson but, your point is very valid! Thanks for sharing as your experience should make the point for many out there who don't realize the significant risk associated with loose practices on system access.
Traci Lee
I believe Human Resources is a key piece simply because it sets the standard for all employees. If that office has a "compliant" approach to the business it will be communicated and filtered down to all staff levels.
I agree shredding is very important to protect student information as well as staying compliant.
For this discussion, I have chosen information security. At our campus, we have secure bins that all staff has access to. These bins have an opening similar to a trash bin at a fast food restaurant, where papers needing to be shredded can be slid into but not retrieved back out of. It is locked with a key lock. If papers are accidently inserted, then security can be contacted and the bin can be unlocked. These bins are then emptied and the contents shredded by a contracted, and secure service.
Jeanne,
Thanks for sharing this example of your methods for securing private information. In today's world, privacy is a hot topic and necessary to have such procedures in place.
Traci Lee
All of the areas mentioned above are important in a compliant culture, but especially marketing. In today's information age, many times students make their decision based on the school's marketing efforts. Students are more savvy than before and there have been quite a few schools who have come under negative scrutiny based on inappropriate marketing efforts. For this reason, many regulations have been put into place to control misinformation and add transparency for the sake of the student. Schools should always be proactive in their marketing efforts to help students make an informed decision not just try to increase enrollments. Inappropriate marketing not only affects students, but also the employees at the school who just want to do the right thing.
Information security in today's world has become extremely important considering most functions are performed online. Sensitive information is stored on company networks, Student Information Systems and sent through email. Without a compliant information security plan in place very personal information belonging to students and employees of a company can become public knowledge. Information security information should be reviewed and tested regularly to ensure the safety of all person information.
Kelly,
This is definitely more and more recognized as an area of focus for compliance.
Traci Lee
I agree, all the information we obtain from the student's is extremely important and it is our job to maintain their privacy secure at all times.
Information security is critical for the student as well as the school. Once a student enrolls they are trusting the institution entirely for their privacy. In order to stay in compliance all their information is private and confidential.
Amamphes,
I agree regarding the importance of the student's privacy rights. Additionally, FERPA compliance includes ensuring that the student has access to his/her records and must be notified of such rights annually. Be sure to remember these additional compliance factors when reviewing a school's compliance with requirements on student records.
Traci Lee
Marketing is a vital area for compliance. The Marketing Department provides the outside world/potential student view of what to expect from the school. If the school is being misrepresented or if inaccurate information is being disseminated by the Marketing Department, it could affect both future and current enrollment in a negative way.
Elizabeth,
Misrepresentation is certainly a key area of focus in the current regulatory environment that is emphasizing transparency and accuracy in communications with students and prospective students.
Traci Lee
In our school we have a information segurity process, that all employees has to follow. Every department have a papers shredder in order to maintain the privacy of the documents.
Maria,
Glad to hear that you have shredders in multiple departments. The more convenient these are, the more likely documents will be properly destroyed rather than just placed in a garbage can.
Traci Lee
information security has gone way beyond having the social security number or phone number and address. WE just recently added another form to the orientation paperwork for us to call or text a student on their cell phone. At our school we have always kept student records in fire proof file cabinets in a locked room. We keep academic files indefinitely and financial files for 3 years past the last disbursement. I have always kept the exit paperwork portion of financial paperwork in the academic files for any collections that may be needed such as prom notes and exiting paperwork either signed or mailed out. I have found in the past that I have needed these forms to discuss a debt owed to the school.
Darlene,
You bring up a good point on the text/calls to cell phones. I am curious to hear how other schools are handling this - does anyone want to share their practices? Specifically, I am curious to hear how and when schools are asking students to "opt in" to receive texts.
Traci Lee
As a former Marine, discipline is the foundation of all functioning in order to survive. FERPA can not be more critical as it walks the line of ethics and privacy connected to a way of life one should live. The ability to have personal integrity and discipline will be the foundation and framework needed to continue in and as a compliant culture in any organization.
I think all three areas covered are extremely important.
All three areas are critical to creating a compliant culture in an organization.
